Hackers are using many types of attacks to compromise business-critical data. Compromised credentials allow an attacker to “walk in the front door” of your environment with legitimate credentials. IBM Cost of a Data Breach Report 2021: “The most common initial attack vector in 2021 was compromised credentials, responsible for 20% of breaches” Password spraying attacks target multiple user accounts with a single commonly used password. The advantage of password spraying is that the attacker spreads the attack out over multiple accounts, which helps avoid account lockouts.
Source: https://thehackernews.com/2021/08/how-companies-can-protect-themselves.html